SecurityFocus Linux Newsletter #199
------------------------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time
to
visit a myriad of mailing lists and websites to read the news? Just add
the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all
the
latest posts for Bugtraq and the SF Vulnernability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------
I. FRONT AND CENTER
1. A Polluted Internet
II. LINUX VULNERABILITY SUMMARY
1. KDE Konqueror Cookie Domain Validation Vulnerability
2. Sympa New List HTML Injection Vulnerability
3. Opera Web Browser JavaScript Denial Of Service Vulnerability
4. FIDOGATE Logfile Path Input Validation Vulnerability
5. EGroupWare Multiple Input Validation Vulnerabilities
6. PostgreSQL Debian GNU/Linux Specific Local Information Discl...
7. Icecast Server Status Display Cross-Site Scripting Vulnerabi...
8. CDE LibDTHelp LOGNAME Environment Variable Local Buffer Over...
9. Zlib Compression Library Denial Of Service Vulnerability
10. Linux Kernel Process Spawning Race Condition Environment
Var...
11. Samba Remote Print Change Notify Denial Of Service
Vulnerabi...
12. Gaim Multiple Vulnerabilities
13. Mozilla/Netscape/Firefox Browsers XPCOM Plug-In For Apple
Ma...
III. LINUX FOCUS LIST SUMMARY
1. Reverse SSH tunelling (Thread)
2. Attempts to push spam through apache (Thread)
IV. NEW PRODUCTS FOR LINUX PLATFORMS
1. Cyber-Ark Inter-Business Vault
2. EnCase Forensic Edition
3. KeyGhost SX
4. SafeKit
5. Astaro Linux Firewall
6. CAT Cellular Authentication Token and eAuthentication Servic...
V. NEW TOOLS FOR LINUX PLATFORMS
1. THC-Hydra v4.3
2. Pads 1.1
3. cenfw 0.3b
4. Firewall Builder 2.0
5. Lepton's Crack 20031130
6. popa3d v0.6.4.1
VII. SPONSOR INFORMATION
I. FRONT AND CENTER
-------------------
1. A Polluted Internet
By Kelly Martin
Worms and viruses that pollute the Internet aren't new. What's new is
the
incredible magnitude of the problem and how it's growing.
http://www.securityfocus.com/columnists/263
II. LINUX VULNERABILITY SUMMARY
-------------------------------
1. KDE Konqueror Cookie Domain Validation Vulnerability
BugTraq ID: 10991
Remote: Yes
Date Published: Aug 21 2004
Relevant URL: http://www.securityfocus.com/bid/10991
Summary:
It is reported that Konqueror is susceptible to a vulnerability while
validating cookie domains, allowing web servers to receive potentially
sensitive cookie data not intended for them.
This vulnerability presents itself when Konqueror allows a web site to
set a cookie with domain restrictions containing certain
country-specific top-level domains.
Attackers may exploit this vulnerability to inject cookie data into the
domains of third party web servers. This may allow for denial of
service attacks against other web services, by injecting invalid or
conflicting cookie data. Other attacks are also likely possible, depending on
the design of targeted web services.
Further details are unknown at this time. This BID will be updated as
further information is disclosed.
2. Sympa New List HTML Injection Vulnerability
BugTraq ID: 10992
Remote: Yes
Date Published: Aug 21 2004
Relevant URL: http://www.securityfocus.com/bid/10992
Summary:
An HTML injection vulnerability is reported in Sympa. The problem
occurs due to a failure of the application to properly sanitize
user-supplied input data.
Unsuspecting users viewing the affected page will have
attacker-supplied malicious code interpreted by their browser in the security context
of the website hosting Sympa.
Attackers may potentially exploit this issue to manipulate web content
or to steal cookie-based authentication credentials. It may be possible
to take arbitrary actions as the victim user.
Versions 4.1, and all 4.1.x releases are reported vulnerable to this
issue.
3. Opera Web Browser JavaScript Denial Of Service Vulnerability
BugTraq ID: 10997
Remote: Yes
Date Published: Aug 21 2004
Relevant URL: http://www.securityfocus.com/bid/10997
Summary:
Opera is a web browser available for a number of platforms, including
Microsoft Windows, Linux and Unix variants and Apple MacOS.
Opera Web Browser is reported to be susceptible to a JavaScript denial
of service vulnerability.
This vulnerability presents itself when Opera attempts to execute a
specific JavaScript command. Upon executing this command, Opera will
reportedly crash.
This vulnerability was reported to exist in version 7.23 of Opera for
Microsoft Windows. Other versions are also likely affected.
4. FIDOGATE Logfile Path Input Validation Vulnerability
BugTraq ID: 11005
Remote: No
Date Published: Aug 23 2004
Relevant URL: http://www.securityfocus.com/bid/11005
Summary:
FIDOGATE is prone to an input validation error that may permit local
users to append to or create files with the privileges of the program.
The source of the problem is that the attacker may control the location
of the logfile. Since the program is typically setuid 'news', this
could be exploited to append to or create files in the context of that
user.
This issue would only affect versions of the software for UNIX/Linux
variants.
5. EGroupWare Multiple Input Validation Vulnerabilities
BugTraq ID: 11013
Remote: Yes
Date Published: Aug 23 2004
Relevant URL: http://www.securityfocus.com/bid/11013
Summary:
It is reported that eGroupWare is susceptible to multiple cross-site
scripting and HTML injection vulnerabilities.
The cross-site scripting issues present themselves in the various
parameters of the 'addressbook' and 'calendar' modules. It is also reported
that data input through the 'Search' fields of the 'addressbook',
'calendar', and 'search between projects' functionality are not sufficiently
sanitized.
An attacker can exploit these issues for theft of cookie-based
authentication credentials and other attacks.
Additionally HTML injection vulnerabilities are reported for the
eGroupWare 'Messenger' module and 'Ticket' module.
Attackers may potentially exploit these issues to manipulate web
content or to steal cookie-based authentication credentials. It may be
possible to take arbitrary actions as the victim user.
6. PostgreSQL Debian GNU/Linux Specific Local Information Discl...
BugTraq ID: 11019
Remote: No
Date Published: Aug 23 2004
Relevant URL: http://www.securityfocus.com/bid/11019
Summary:
The version of PostgreSQL contained in Debian/GNU Linux is reported
susceptible to an information disclosure vulnerability. This issue is due
to improper file permissions in the default installation of the
PostgreSQL package.
This may aid attackers in further system compromise.
Versions up to, and including version 7.4.3-3 of the Debian package for
PostgreSQL are reported affected by this vulnerability.
7. Icecast Server Status Display Cross-Site Scripting Vulnerabi...
BugTraq ID: 11021
Remote: Yes
Date Published: Aug 24 2004
Relevant URL: http://www.securityfocus.com/bid/11021
Summary:
Reportedly Icecast Server is affected by a cross-site scripting
vulnerability in the status display functionality. This issue is due to a
failure of the application to properly sanitize user-supplied input.
As a result of this vulnerability, it is possible for a remote attacker
to create a malicious link containing script code that will be executed
in the browser of an unsuspecting user when followed. This may
facilitate the theft of cookie-based authentication credentials as well as
other attacks.
8. CDE LibDTHelp LOGNAME Environment Variable Local Buffer Over...
BugTraq ID: 11050
Remote: No
Date Published: Aug 25 2004
Relevant URL: http://www.securityfocus.com/bid/11050
Summary:
A buffer overflow vulnerability is identified in CDE libDtHelp.
Because of this, it may be possible for a local attacker to gain elevated
privileges.
The problem is in the handling of data contained in a certain
environment variable. Due to insufficient bounds checking, it is possible that
system memory will be corrupted potentially overwriting sensitive values
when the environment variable data is copied into memory.
A local attacker may exploit this vulnerability in order to execute
arbitrary code in the context software that is linked to the vulnerable
library.
9. Zlib Compression Library Denial Of Service Vulnerability
BugTraq ID: 11051
Remote: Yes
Date Published: Aug 25 2004
Relevant URL: http://www.securityfocus.com/bid/11051
Summary:
The Zlib compression library is reportedly susceptible to a denial of
service vulnerability. This vulnerability is caused by a failure of the
application to properly handle malformed input during the decompression
process.
This vulnerability is reported to exist in version 1.2.1 of the
library. Other versions are also likely affected.
10. Linux Kernel Process Spawning Race Condition Environment Var...
BugTraq ID: 11052
Remote: No
Date Published: Aug 25 2004
Relevant URL: http://www.securityfocus.com/bid/11052
Summary:
The Linux Kernel is prone to a race condition that may potentially
expose information about the environment of a process.
The race condition is reported to occur while a process is spawning.
If the condition is successfully exploited, an attacker could read
environment variables associated with a process they do not own.
11. Samba Remote Print Change Notify Denial Of Service Vulnerabi...
BugTraq ID: 11055
Remote: Yes
Date Published: Aug 26 2004
Relevant URL: http://www.securityfocus.com/bid/11055
Summary:
Samba is reportedly vulnerable to a remote denial of service
vulnerability in the processing of print change notify requests. This issue is
due to a failure of the application to handle out of sequence requests.
An attacker might leverage this issue to cause the affected server to
crash, denying service to legitimate users.
12. Gaim Multiple Vulnerabilities
BugTraq ID: 11056
Remote: Yes
Date Published: Aug 26 2004
Relevant URL: http://www.securityfocus.com/bid/11056
Summary:
Gaim version 0.82 has been released. This version addressed various
security vulnerabilities.
The following specific issues have been disclosed by the vendor:
Gaim is reported prone to a remote arbitrary command execution
vulnerability during the installation of a smiley theme.
The Gaim client is reported prone to a remote heap overflow
vulnerability when processing data from a groupware server.
A remote buffer overflow vulnerability exists in the URI parsing
utility.
A buffer overflow vulnerability arises when the application performs a
DNS query to obtain a hostname when signing on to zephyr.
Another buffer overflow presents itself when the application processes
Rich Text Format (RTF) messages.
A malicious server can trigger a buffer overflow vulnerability in Gaim
by supplying an excessive value for the 'content-length' header.
These issues affect Gaim versions prior to 0.82. Some of these issues
may have been reported previously. This BID will be updated and
divided into individual BIDs as more information becomes available.
13. Mozilla/Netscape/Firefox Browsers XPCOM Plug-In For Apple Ma...
BugTraq ID: 11059
Remote: Yes
Date Published: Aug 26 2004
Relevant URL: http://www.securityfocus.com/bid/11059
Summary:
Browsers based on the Gecko engine are reported prone to a content
spoofing vulnerability when they are running on the Apple Mac OS X
platform. It is reported that the vulnerability occurs when the browser is
configured to employ 'Tabbed Browsing' functionality.
In essence, an XPCOM plug-in that is invoked in one tab will be drawn
into the environment of alternate tabs that are open in the same browser
window.
This vulnerability may be eexploited to spoof content and to aid in
phishing style attacks.
III. LINUX FOCUS LIST SUMMARY
-----------------------------
1. Reverse SSH tunelling (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/373398
2. Attempts to push spam through apache (Thread)
Relevant URL:
http://www.securityfocus.com/archive/91/372845
IV. NEW PRODUCTS FOR LINUX PLATFORMS
------------------------------------
1. Cyber-Ark Inter-Business Vault
By: Cyber-Ark
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Relevant URL:
http://www.cyber-ark.com/datasecuritysoftware/inter-business_vault.htm
Summary:
Based on Cyber-Ark Software's Vaulting Technology, the Inter-Business
Vault, an information security solution that enables organizations to
safely overcome traditional network boundaries in order to securely share
business information among customers, business partners, and remote
branches. It provides a seamless, LAN-like experience over the Internet
that includes all the security, performance, accessibility, and ease of
administration required to allow organizations to share everyday
information worldwide. To learn more about these core attributes of the
Inter-Business Vault click on the relevant link below:
2. EnCase Forensic Edition
By: Guidance Software Inc.
Platforms: DOS, FreeBSD, Linux, MacOS, NetBSD, OpenBSD, PalmOS,
Solaris, UNIX, Windows 2000, Windows 95/98, Windows NT, Windows XP
Relevant URL:
http://www.guidancesoftware.com/products/EnCaseForensic/index.shtm
Summary:
EnCase Forensic Edition Version 4 delivers the most advanced features
for computer forensics and investigations. With an intuitive GUI and
superior performance, EnCase Version 4 provides investigators with the
tools to conduct large-scale and complex investigations with accuracy and
efficiency. Guidance Software?s award winning solution yields
completely non-invasive computer forensic investigations while allowing
examiners to easily manage large volumes of computer evidence and view all
relevant files, including "deleted" files, file slack and unallocated
space.
The integrated functionality of EnCase allows the examiner to perform
all functions of the computer forensic investigation process. EnCase's
EnScript, a powerful macro-programming language and API included within
EnCase, allows investigators to build customized and reusable forensic
scripts.
3. KeyGhost SX
By: KeyGhost Ltd
Platforms: BeOS, DOS, Linux, OS/2, Solaris, SunOS, Windows 2000,
Windows 95/98, Windows NT, Windows XP
Relevant URL: http://www.keyghost.com/SX/
Summary:
KeyGhost SX discreetly captures and records all keystrokes typed,
including chat conversations, email, word processor, or even activity within
an accounting or specialist system. It is completely undetectable by
software scanners and provides you with one of the most powerful stealth
surveillance applications offered anywhere.
Because KeyGhost uses STRONG 128-Bit encryption to store the recorded
data in it?s own internal memory (not on the hard drive), it is
impossible for a network intruder to gain access to any sensitive data stored
within the device.
4. SafeKit
By: Evidian Inc.
Platforms: AIX, HP-UX, Linux, Solaris, Windows 2000
Relevant URL: http://www.evidian.com/safekit/index.htm
Summary:
Evidian's SafeKit technology makes it possible to render any
application available 24 hours per day. With no extra hardware: just use your
existing servers and install this software-only solution.
This provides ultimate scalability. As your needs grow, all you need to
do is add more standard servers into the cluster. With the load
balancing features of SafeKit, you can distribute applications over multiple
servers. If one system fails completely, the others will continue to
serve your users.
5. Astaro Linux Firewall
By: Astaro
Platforms: Linux
Relevant URL: http://www.astaro.com/php/statics.php?action=asl&lang=gb
Summary:
Astaro Linux Firewall: All-in-one firewall, virus protection, content
filtering and spam protection internet security software package for
Linux.
Free download for home users.
6. CAT Cellular Authentication Token and eAuthentication Servic...
By: Mega AS Consulting Ltd
Platforms: Java, Linux, OpenBSD, Os Independent, SecureBSD, Solaris,
UNIX, Windows 2000, Windows NT
Relevant URL: http://www.megaas.co.nz
Summary:
Low cost, easy to use Two Factor Authentication One Time Password token
using the Cellular. Does not use SMS or communication, manages multiple
OTP accounts - new technology. For any business that want a safer
access to its Internet Services. More information at our site.
We also provide eAuthentication service for businesses that will not
buy an Authentication product but would prefer to pay a monthly charge
for authentication services from our our CAT Server.
V. NEW TOOLS FOR LINUX PLATFORMS
--------------------------------
1. THC-Hydra v4.3
By: THC
Relevant URL: http://www.thc.org/releases/hydra-4.3-src.tar.gz
Platforms: AIX, FreeBSD, HP-UX, IRIX, Linux, NetBSD, OpenBSD, Solaris,
UNIX
Summary:
THC-Hydra - parallized login hacker is available: for Samba, FTP, POP3,
IMAP, Telnet, HTTP Auth, LDAP, NNTP, MySQL, VNC, ICQ, Socks5, PCNFS,
Cisco and more. Includes SSL support and is part of Nessus. Visit the
project web site to download Win32, Palm and ARM binaries. Changes:
important bugfix!
2. Pads 1.1
By: Matt Shelton
Relevant URL:
http://freshmeat.net/projects/pads/?branch_id=52504&release_id=169973
Platforms: Linux
Summary:
Pads (Passive Asset Detection System) is a signature-based detection
engine used to passively detect network assets. It is designed to
complement IDS technology by providing context to IDS alerts.
3. cenfw 0.3b
By: Peter Robinson
Relevant URL: http://www.securegateway.org
Platforms: Linux, Windows 2000, Windows NT, Windows XP
Summary:
The Centron IPTables Firewall Gui is an object oriented, database
driven, windows interface to linux IPtables firewall rules.
4. Firewall Builder 2.0
By: Vadim Kurland
Relevant URL: http://www.fwbuilder.org/
Platforms: FreeBSD, Linux, MacOS, Solaris, Windows 2000, Windows XP
Summary:
Firewall Builder consists of a GUI and set of policy compilers for
various firewall platforms. It helps users maintain a database of objects
and allows policy editing using simple drag-and-drop operations. The GUI
and policy compilers are completely independent, and support for a new
firewall platform can be added to the GUI without any changes to the
program (only a new policy compiler is needed). This provides for a
consistent abstract model and the same GUI for different firewall platforms.
It currently supports iptables, ipfilter, and OpenBSD pf.
5. Lepton's Crack 20031130
By: Lepton and Nekromancer
Relevant URL: http://www.nestonline.com/lcrack/lcrack-20031130-beta.zip
Platforms: Linux, MacOS, Os Independent, UNIX, Windows 2000, Windows
NT, Windows XP
Summary:
Lepton's Crack is a generic password cracker. It is easily-customizable
with a simple plugin system and allows system administrators to review
the quality of the passwords being used on their systems. It can
perform a dictionary-based (wordlist) attack as well as a brute force
(incremental) password scan. It supports standard MD4 hash, standard MD5 hash,
NT MD4/Unicode, Lotus Domino HTTP password (R4), and SHA-1 hash
formats. LM (LAN Manager) plus appending and prepending
6. popa3d v0.6.4.1
By: Solar Designer, solar@openwall.com
Relevant URL: http://www.openwall.com/popa3d/
Platforms: Linux, Solaris
Summary:
popa3d is a POP3 daemon which attempts to be extremely secure,
reliable, RFC compliant, and fast (in that order).
VII. SPONSOR INFORMATION
-----------------------
This Issue is Sponsored By: SecurityFocus
Want to keep up on the latest security vulnerabilities? Don't have time
to
visit a myriad of mailing lists and websites to read the news? Just add
the
new SecurityFocus RSS feeds to your freeware RSS reader, and see all
the
latest posts for Bugtraq and the SF Vulnernability database in one
convenient place. Or, pull in the latest news, columnists and feature
articles in the SecurityFocus aggregated news feed, and stay on top of
what's happening in the community!
http://www.securityfocus.com/rss/index.shtml
------------------------------------------------------------------------